Brave connects to "suspicious" IP address

Description of the issue:

The security branch of the company I work for has asked me to uninstall Brave because of “suspicious IP communication towards 185.199.110.133”. When I look around for reports on this IP, most seem to find it innocuous, but this site does list related suspicious activity: https://www.abuseipdb.com/check/185.199.110.133
Other colleagues have also been told to remove Brave from their machines for this as well. I like Brave and would like to continue using it.

How can this issue be reproduced?

I didn’t monitor outgoing requests myself, but I presume the tools installed by our IT department identified the traffic as coming from Brave. Specifically, the “Brave Browser Helper” component.

Expected result:

Brave should not use “suspicious” IPs for its background processes. Nor connect in a “suspicious” manner? (I’ll see if I can get clarification from the security folks.)

Brave Version (check About Brave):

Version 1.77.97 Chromium: 135.0.7049.84 (Official Build) (arm64)

@Emmulator

Appears to be a GitHub IP address:

https://check-host.net/ip-info?host=185.199.110.133

https://ipinfo.io/185.199.110.133

Did you install any extensions? Or did you add any third-party adblock lists?

Yes, but just LastPass and uBlock Origin. But I have those in all the browsers I use and the security team has not reached out to me before.

It was actually Chrome dropping support for uBlock Origin that finally prompted me to switch my primary browser to Brave. 🙂

I thought it might be related to something built-in to Brave, as the security report I got mentioned “ISP Details: Fastly, Inc” and when searching for previous discussion of potentially similar issues, I came across this post:

Though as 289wk points out above, the IP seems to resolve to something on GitHub.

These GitHub requests are probably coming from uBlock Origin then. I believe that’s where they host some of their adblock lists.

If your IT department won’t let you do that, then one option is to remove uBlock Origin and set Shields to aggressive mode in Brave preferences. You should get an almost identical experience in terms of ad and tracker blocking since both Brave and uBlock Origin use EasyList. Brave doesn’t rely on GitHub for downloading lists. We re-distribute all of the lists on our servers.

It seems like the IP address was a red herring. The “suspicious activity” is Brave itself, which they have deemed “not approved”. They didn’t give me any reason.